[people/stevee/ipfire-3.x.git] / nfs-utils / patches / nfs-utils.1.2.8.rc3.patch

diff --git a/support/export/rmtab.c b/support/export/rmtab.c
index 31c0f50..d16b3b3 100644
--- a/support/export/rmtab.c
+++ b/support/export/rmtab.c
@@ -1,7 +1,7 @@
 /*
- * support/export/rmntab.c
+ * support/export/rmtab.c
  *
- * Interface to the rmnt file.
+ * Interface to the rmtab file.
  *
  */
 
@@ -12,7 +12,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include "xmalloc.h"
+
 #include "misc.h"
 #include "nfslib.h"
 #include "exportfs.h"
diff --git a/support/export/xtab.c b/support/export/xtab.c
index 2a43193..e953071 100644
--- a/support/export/xtab.c
+++ b/support/export/xtab.c
@@ -14,7 +14,7 @@
 #include <unistd.h>
 #include <stdlib.h>
 #include <string.h>
-#include "xmalloc.h"
+
 #include "nfslib.h"
 #include "exportfs.h"
 #include "xio.h"
diff --git a/support/nfs/cacheio.c b/support/nfs/cacheio.c
index e641c45..61e07a8 100644
--- a/support/nfs/cacheio.c
+++ b/support/nfs/cacheio.c
@@ -162,11 +162,16 @@ int qword_eol(FILE *f)
 {
 	int err;
 
-	fprintf(f,"\n");
-	err = fflush(f);
-	if (err) {
-		xlog_warn("qword_eol: fflush failed: errno %d (%s)",
+	err = fprintf(f,"\n");
+	if (err < 0) {
+		xlog_warn("qword_eol: fprintf failed: errno %d (%s)",
 			    errno, strerror(errno));
+	} else {
+		err = fflush(f);
+		if (err) {
+			xlog_warn("qword_eol: fflush failed: errno %d (%s)",
+				  errno, strerror(errno));
+		}
 	}
 	/*
 	 * We must send one line (and one line only) in a single write
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index ec251fa..d01ba2f 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -52,6 +52,7 @@
 #include <sys/socket.h>
 #include <arpa/inet.h>
 #include <sys/fsuid.h>
+#include <sys/resource.h>
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -250,21 +251,10 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
 	if ((p = strstr(buf, "port")) != NULL)
 		sscanf(p, "port: %127s\n", port);
 
-	/* check service, program, and version */
-	if (memcmp(service, "nfs", 3) != 0)
-		return -1;
+	/* get program, and version numbers */
 	*prog = atoi(program + 1); /* skip open paren */
 	*vers = atoi(version);
 
-	if (strlen(service) == 3 ) {
-		if ((*prog != 100003) || ((*vers != 2) && (*vers != 3) &&
-		    (*vers != 4)))
-			goto fail;
-	} else if (memcmp(service, "nfs4_cb", 7) == 0) {
-		if (*vers != 1)
-			goto fail;
-	}
-
 	if (!addrstr_to_sockaddr(addr, address, port))
 		goto fail;
 
@@ -398,10 +388,10 @@ process_clnt_dir_files(struct clnt_info * clp)
 static int
 get_poll_index(int *ind)
 {
-	int i;
+	unsigned int i;
 
 	*ind = -1;
-	for (i=0; i<FD_ALLOC_BLOCK; i++) {
+	for (i=0; i<pollsize; i++) {
 		if (pollarray[i].events == 0) {
 			*ind = i;
 			break;
@@ -483,9 +473,13 @@ fail_keep_client:
 void
 init_client_list(void)
 {
+	struct rlimit rlim;
 	TAILQ_INIT(&clnt_list);
 	/* Eventually plan to grow/shrink poll array: */
 	pollsize = FD_ALLOC_BLOCK;
+	if (getrlimit(RLIMIT_NOFILE, &rlim) < 0 &&
+	    rlim.rlim_cur != RLIM_INFINITY)
+		pollsize = rlim.rlim_cur;
 	pollarray = calloc(pollsize, sizeof(struct pollfd));
 }
 
@@ -567,9 +561,8 @@ process_pipedir(char *pipe_name)
 
 	update_old_clients(namelist, j, pipe_name);
 	for (i=0; i < j; i++) {
-		if (i < FD_ALLOC_BLOCK
-				&& !strncmp(namelist[i]->d_name, "clnt", 4)
-				&& !find_client(namelist[i]->d_name, pipe_name))
+		if (!strncmp(namelist[i]->d_name, "clnt", 4)
+		    && !find_client(namelist[i]->d_name, pipe_name))
 			process_clnt_dir(namelist[i]->d_name, pipe_name);
 		free(namelist[i]);
 	}
@@ -962,12 +955,6 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 
 	printerr(1, "handling krb5 upcall (%s)\n", clp->dirname);
 
-	if (tgtname) {
-		if (clp->servicename) {
-			free(clp->servicename);
-			clp->servicename = strdup(tgtname);
-		}
-	}
 	token.length = 0;
 	token.value = NULL;
 	memset(&pd, 0, sizeof(struct authgss_private_data));
@@ -1016,7 +1003,8 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 			int success = 0;
 			do {
 				gssd_refresh_krb5_machine_credential(clp->servername,
-								     NULL, service);
+								     NULL, service,
+								     tgtname);
 				/*
 				 * Get a list of credential cache names and try each
 				 * of them until one works or we've tried them all
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 60ba594..aeb8f70 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -774,12 +774,16 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
 }
 
 /*
- * Find a keytab entry to use for a given target hostname.
+ * Find a keytab entry to use for a given target realm.
  * Tries to find the most appropriate keytab to use given the
  * name of the host we are trying to connect with.
+ *
+ * Note: the tgtname contains a hostname in the realm that we
+ * are authenticating to. It may, or may not be the same as
+ * the server hostname.
  */
 static int
-find_keytab_entry(krb5_context context, krb5_keytab kt, const char *hostname,
+find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
 		  krb5_keytab_entry *kte, const char **svcnames)
 {
 	krb5_error_code code;
@@ -795,7 +799,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *hostname,
 
 
 	/* Get full target hostname */
-	retval = get_full_hostname(hostname, targethostname,
+	retval = get_full_hostname(tgtname, targethostname,
 				   sizeof(targethostname));
 	if (retval)
 		goto out;
@@ -1128,7 +1132,7 @@ gssd_get_krb5_machine_cred_list(char ***list)
 		if (ple->ccname) {
 			/* Make sure cred is up-to-date before returning it */
 			retval = gssd_refresh_krb5_machine_credential(NULL, ple,
-				NULL);
+				NULL, NULL);
 			if (retval)
 				continue;
 			if (i + 1 > listsize) {
@@ -1219,7 +1223,8 @@ gssd_destroy_krb5_machine_creds(void)
 int
 gssd_refresh_krb5_machine_credential(char *hostname,
 				     struct gssd_k5_kt_princ *ple, 
-					 char *service)
+					 char *service,
+					 char *tgtname)
 {
 	krb5_error_code code = 0;
 	krb5_context context;
@@ -1258,7 +1263,10 @@ gssd_refresh_krb5_machine_credential(char *hostname,
 	if (ple == NULL) {
 		krb5_keytab_entry kte;
 
-		code = find_keytab_entry(context, kt, hostname, &kte, svcnames);
+		if (tgtname == NULL)
+			tgtname = hostname;
+
+		code = find_keytab_entry(context, kt, tgtname, &kte, svcnames);
 		if (code) {
 			printerr(0, "ERROR: %s: no usable keytab entry found "
 				 "in keytab %s for connection with host %s\n",
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index cd6e107..9f41625 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -31,7 +31,8 @@ void gssd_setup_krb5_machine_gss_ccache(char *servername);
 void gssd_destroy_krb5_machine_creds(void);
 int  gssd_refresh_krb5_machine_credential(char *hostname,
 					  struct gssd_k5_kt_princ *ple, 
-					  char *service);
+					  char *service,
+					  char *tgtname);
 char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
 void gssd_k5_get_default_realm(char **def_realm);
 
diff --git a/utils/gssd/svcgssd_krb5.c b/utils/gssd/svcgssd_krb5.c
index 6c34faf..1d44d34 100644
--- a/utils/gssd/svcgssd_krb5.c
+++ b/utils/gssd/svcgssd_krb5.c
@@ -38,6 +38,7 @@
 
 #include <stdio.h>
 #include <errno.h>
+#include <ctype.h>
 #include <gssapi/gssapi.h>
 #include <krb5.h>
 
@@ -98,6 +99,12 @@ parse_enctypes(char *enctypes)
 	if (n == 0)
 		return ENOENT;
 
+	/* Skip pass any non digits */
+	while (*enctypes && isdigit(*enctypes) == 0)
+		enctypes++;
+	if (*enctypes == '\0')
+		return EINVAL;
+
 	/* Allocate space for enctypes array */
 	if ((parsed_enctypes = (int *) calloc(n, sizeof(int))) == NULL) {
 		return ENOMEM;
diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
index e80efb4..beba9c4 100644
--- a/utils/idmapd/idmapd.c
+++ b/utils/idmapd/idmapd.c
@@ -145,7 +145,6 @@ static void svrreopen(int, short, void *);
 static int  nfsopen(struct idmap_client *);
 static void nfscb(int, short, void *);
 static void nfsdcb(int, short, void *);
-static int  validateascii(char *, u_int32_t);
 static int  addfield(char **, ssize_t *, char *);
 static int  getfield(char **, char *, size_t);
 
@@ -425,7 +424,8 @@ dirscancb(int UNUSED(fd), short UNUSED(which), void *data)
 			    pipefsdir, ents[i]->d_name);
 
 			if ((ic->ic_dirfd = open(path, O_RDONLY, 0)) == -1) {
-				xlog_warn("dirscancb: open(%s): %s", path, strerror(errno));
+				if (verbose > 0)
+					xlog_warn("dirscancb: open(%s): %s", path, strerror(errno));
 				free(ic);
 				goto out;
 			}
@@ -642,6 +642,8 @@ out:
 static void
 imconv(struct idmap_client *ic, struct idmap_msg *im)
 {
+	u_int32_t len;
+
 	switch (im->im_conv) {
 	case IDMAP_CONV_IDTONAME:
 		idtonameres(im);
@@ -652,10 +654,10 @@ imconv(struct idmap_client *ic, struct idmap_msg *im)
 			    im->im_id, im->im_name);
 		break;
 	case IDMAP_CONV_NAMETOID:
-		if (validateascii(im->im_name, sizeof(im->im_name)) == -1) {
-			im->im_status |= IDMAP_STATUS_INVALIDMSG;
+		len = strnlen(im->im_name, IDMAP_NAMESZ - 1);
+		/* Check for NULL termination just to be careful */
+		if (im->im_name[len+1] != '\0')
 			return;
-		}
 		nametoidres(im);
 		if (verbose > 1)
 			xlog_warn("%s %s: (%s) name \"%s\" -> id \"%d\"",
@@ -855,25 +857,6 @@ nametoidres(struct idmap_msg *im)
 }
 
 static int
-validateascii(char *string, u_int32_t len)
-{
-	u_int32_t i;
-
-	for (i = 0; i < len; i++) {
-		if (string[i] == '\0')
-			break;
-
-		if (string[i] & 0x80)
-			return (-1);
-	}
-
-	if ((i >= len) || string[i] != '\0')
-		return (-1);
-
-	return (i + 1);
-}
-
-static int
 addfield(char **bpp, ssize_t *bsizp, char *fld)
 {
 	char ch, *bp = *bpp;
diff --git a/utils/mount/error.c b/utils/mount/error.c
index 83ad1d2..f8fc13f 100644
--- a/utils/mount/error.c
+++ b/utils/mount/error.c
@@ -225,7 +225,7 @@ void mount_error(const char *spec, const char *mount_point, int error)
 	case ENOENT:
 		if (spec)
 			nfs_error(_("%s: mounting %s failed, "
-				"reason given by server:\n  %s"),
+				"reason given by server: %s"),
 				progname, spec, strerror(error));
 		else
 			nfs_error(_("%s: mount point %s does not exist"),
diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c
index 9b4197b..8ee3024 100644
--- a/utils/mount/stropts.c
+++ b/utils/mount/stropts.c
@@ -666,6 +666,7 @@ static int nfs_try_mount_v3v2(struct nfsmount_info *mi)
 		case EOPNOTSUPP:
 		case EHOSTUNREACH:
 		case ETIMEDOUT:
+		case EACCES:
 			continue;
 		default:
 			goto out;
@@ -761,6 +762,7 @@ static int nfs_try_mount_v4(struct nfsmount_info *mi)
 		case ECONNREFUSED:
 		case EHOSTUNREACH:
 		case ETIMEDOUT:
+		case EACCES:
 			continue;
 		default:
 			goto out;
diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c
index 508040a..330cab5 100644
--- a/utils/mountd/auth.c
+++ b/utils/mountd/auth.c
@@ -10,10 +10,12 @@
 #include <config.h>
 #endif
 
+#include <sys/types.h>
 #include <sys/stat.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <unistd.h>
 
 #include "sockaddr.h"
@@ -21,7 +23,6 @@
 #include "nfslib.h"
 #include "exportfs.h"
 #include "mountd.h"
-#include "xmalloc.h"
 #include "v4root.h"
 
 enum auth_error
diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
index e950ec6..45012be 100644
--- a/utils/mountd/cache.c
+++ b/utils/mountd/cache.c
@@ -29,7 +29,6 @@
 #include "nfslib.h"
 #include "exportfs.h"
 #include "mountd.h"
-#include "xmalloc.h"
 #include "fsloc.h"
 #include "pseudoflavors.h"
 
@@ -109,12 +108,10 @@ static void auth_unix_ip(FILE *f)
 		struct addrinfo *ai = NULL;
 
 		ai = client_resolve(tmp->ai_addr);
-		if (ai == NULL)
-			goto out;
-		client = client_compose(ai);
-		freeaddrinfo(ai);
-		if (!client)
-			goto out;
+		if (ai) {
+			client = client_compose(ai);
+			freeaddrinfo(ai);
+		}
 	}
 	qword_print(f, "nfsd");
 	qword_print(f, ipaddr);
@@ -127,7 +124,6 @@ static void auth_unix_ip(FILE *f)
 	xlog(D_CALL, "auth_unix_ip: client %p '%s'", client, client?client: "DEFAULT");
 
 	free(client);
-out:
 	freeaddrinfo(tmp);
 
 }
@@ -347,6 +343,30 @@ static char *next_mnt(void **v, char *p)
 	return me->mnt_dir;
 }
 
+static int is_subdirectory(char *child, char *parent)
+{
+	size_t l = strlen(parent);
+
+	if (strcmp(parent, "/") == 0)
+		return 1;
+
+	return strcmp(child, parent) == 0
+		|| (strncmp(child, parent, l) == 0 && child[l] == '/');
+}
+
+static int path_matches(nfs_export *exp, char *path)
+{
+	if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
+		return is_subdirectory(path, exp->m_export.e_path);
+	return strcmp(path, exp->m_export.e_path) == 0;
+}
+
+static int
+export_matches(nfs_export *exp, char *dom, char *path, struct addrinfo *ai)
+{
+	return path_matches(exp, path) && client_matches(exp, dom, ai);
+}
+
 /* True iff e1 is a child of e2 and e2 has crossmnt set: */
 static bool subexport(struct exportent *e1, struct exportent *e2)
 {
@@ -354,8 +374,7 @@ static bool subexport(struct exportent *e1, struct exportent *e2)
 	size_t l2 = strlen(p2);
 
 	return e2->e_flags & NFSEXP_CROSSMOUNT
-	       && strncmp(p1, p2, l2) == 0
-	       && p1[l2] == '/';
+		&& is_subdirectory(p1, p2);
 }
 
 struct parsed_fsid {
@@ -756,27 +775,6 @@ static int dump_to_cache(FILE *f, char *domain, char *path, struct exportent *ex
 	return qword_eol(f);
 }
 
-static int is_subdirectory(char *child, char *parent)
-{
-	size_t l = strlen(parent);
-
-	return strcmp(child, parent) == 0
-		|| (strncmp(child, parent, l) == 0 && child[l] == '/');
-}
-
-static int path_matches(nfs_export *exp, char *path)
-{
-	if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
-		return is_subdirectory(path, exp->m_export.e_path);
-	return strcmp(path, exp->m_export.e_path) == 0;
-}
-
-static int
-export_matches(nfs_export *exp, char *dom, char *path, struct addrinfo *ai)
-{
-	return path_matches(exp, path) && client_matches(exp, dom, ai);
-}
-
 static nfs_export *
 lookup_export(char *dom, char *path, struct addrinfo *ai)
 {
@@ -830,6 +828,7 @@ lookup_export(char *dom, char *path, struct addrinfo *ai)
 
 #ifdef HAVE_NFS_PLUGIN_H
 #include <dlfcn.h>
+#include <link.h>
 #include <nfs-plugin.h>
 
 /*
@@ -1094,6 +1093,7 @@ static struct exportent *lookup_junction(char *dom, const char *pathname,
 		struct addrinfo *ai)
 {
 	struct exportent *exp;
+	struct link_map *map;
 	void *handle;
 
 	handle = dlopen("libnfsjunct.so", RTLD_NOW);
@@ -1101,6 +1101,11 @@ static struct exportent *lookup_junction(char *dom, const char *pathname,
 		xlog(D_GENERAL, "%s: dlopen: %s", __func__, dlerror());
 		return NULL;
 	}
+
+	if (dlinfo(handle, RTLD_DI_LINKMAP, &map) == 0)
+		xlog(D_GENERAL, "%s: loaded plug-in %s",
+			__func__, map->l_name);
+
 	(void)dlerror();	/* Clear any error */
 
 	exp = invoke_junction_ops(handle, dom, pathname, ai);
diff --git a/utils/nfsdcltrack/nfsdcltrack.c b/utils/nfsdcltrack/nfsdcltrack.c
index 9801b9c..4334340 100644
--- a/utils/nfsdcltrack/nfsdcltrack.c
+++ b/utils/nfsdcltrack/nfsdcltrack.c
@@ -379,6 +379,17 @@ cltrack_legacy_gracedone(void)
 	while ((entry = readdir(v4recovery))) {
 		int len;
 
+		/* skip "." and ".." */
+		if (entry->d_name[0] == '.') {
+			switch (entry->d_name[1]) {
+			case '\0':
+				continue;
+			case '.':
+				if (entry->d_name[2] == '\0')
+					continue;
+			}
+		}
+
 		/* borrow the clientid blob for this */
 		len = snprintf((char *)blob, sizeof(blob), "%s/%s", dirname,
 				entry->d_name);
diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c
index 4ecb03c..fd576d9 100644
--- a/utils/statd/rmtcall.c
+++ b/utils/statd/rmtcall.c
@@ -68,21 +68,19 @@ statd_get_socket(void)
 {
 	struct sockaddr_in	sin;
 	struct servent *se;
-	int loopcnt = 100;
+	const int loopcnt = 100;
+	int i, tmp_sockets[loopcnt];
 
 	if (sockfd >= 0)
 		return sockfd;
 
-	while (loopcnt-- > 0) {
-
-		if (sockfd >= 0) close(sockfd);
+	for (i = 0; i < loopcnt; ++i) {
 
 		if ((sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
 			xlog(L_ERROR, "%s: Can't create socket: %m", __func__);
-			return -1;
+			break;
 		}
 
-
 		memset(&sin, 0, sizeof(sin));
 		sin.sin_family = AF_INET;
 		sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
@@ -96,7 +94,16 @@ statd_get_socket(void)
 		if (se == NULL)
 			break;
 		/* rather not use that port, try again */
+
+		tmp_sockets[i] = sockfd;
 	}
+
+	while (--i >= 0)
+		close(tmp_sockets[i]);
+
+	if (sockfd < 0)
+		return -1;
+
 	FD_SET(sockfd, &SVC_FDSET);
 	return sockfd;
 }
Commit	Line	Data
61166a61 MT	1	diff --git a/support/export/rmtab.c b/support/export/rmtab.c
	2	index 31c0f50..d16b3b3 100644
	3	--- a/support/export/rmtab.c
	4	+++ b/support/export/rmtab.c
	5	@@ -1,7 +1,7 @@
	6	/*
	7	- * support/export/rmntab.c
	8	+ * support/export/rmtab.c
	9	*
	10	- * Interface to the rmnt file.
	11	+ * Interface to the rmtab file.
	12	*
	13	*/
	14
	15	@@ -12,7 +12,7 @@
	16	#include <stdlib.h>
	17	#include <string.h>
	18	#include <errno.h>
	19	-#include "xmalloc.h"
	20	+
	21	#include "misc.h"
	22	#include "nfslib.h"
	23	#include "exportfs.h"
	24	diff --git a/support/export/xtab.c b/support/export/xtab.c
	25	index 2a43193..e953071 100644
	26	--- a/support/export/xtab.c
	27	+++ b/support/export/xtab.c
	28	@@ -14,7 +14,7 @@
	29	#include <unistd.h>
	30	#include <stdlib.h>
	31	#include <string.h>
	32	-#include "xmalloc.h"
	33	+
	34	#include "nfslib.h"
	35	#include "exportfs.h"
	36	#include "xio.h"
	37	diff --git a/support/nfs/cacheio.c b/support/nfs/cacheio.c
	38	index e641c45..61e07a8 100644
	39	--- a/support/nfs/cacheio.c
	40	+++ b/support/nfs/cacheio.c
	41	@@ -162,11 +162,16 @@ int qword_eol(FILE *f)
	42	{
	43	int err;
	44
	45	- fprintf(f,"\n");
	46	- err = fflush(f);
	47	- if (err) {
	48	- xlog_warn("qword_eol: fflush failed: errno %d (%s)",
	49	+ err = fprintf(f,"\n");
	50	+ if (err < 0) {
	51	+ xlog_warn("qword_eol: fprintf failed: errno %d (%s)",
	52	errno, strerror(errno));
	53	+ } else {
	54	+ err = fflush(f);
	55	+ if (err) {
	56	+ xlog_warn("qword_eol: fflush failed: errno %d (%s)",
	57	+ errno, strerror(errno));
	58	+ }
	59	}
	60	/*
	61	* We must send one line (and one line only) in a single write
	62	diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
	63	index ec251fa..d01ba2f 100644
	64	--- a/utils/gssd/gssd_proc.c
65	+++ b/utils/gssd/gssd_proc.c
66	@@ -52,6 +52,7 @@
67	#include <sys/socket.h>
68	#include <arpa/inet.h>
69	#include <sys/fsuid.h>
70	+#include <sys/resource.h>
71
72	#include <stdio.h>
73	#include <stdlib.h>
74	@@ -250,21 +251,10 @@ read_service_info(char info_file_name, char servicename, char *servername,
75	if ((p = strstr(buf, "port")) != NULL)
76	sscanf(p, "port: %127s\n", port);
77
78	- /* check service, program, and version */
79	- if (memcmp(service, "nfs", 3) != 0)
80	- return -1;
81	+ /* get program, and version numbers */
82	prog = atoi(program + 1); / skip open paren */
83	*vers = atoi(version);
84
85	- if (strlen(service) == 3 ) {
86	- if ((prog != 100003) \|\| ((vers != 2) && (*vers != 3) &&
87	- (*vers != 4)))
88	- goto fail;
89	- } else if (memcmp(service, "nfs4_cb", 7) == 0) {
90	- if (*vers != 1)
91	- goto fail;
92	- }
93	-
94	if (!addrstr_to_sockaddr(addr, address, port))
95	goto fail;
96
97	@@ -398,10 +388,10 @@ process_clnt_dir_files(struct clnt_info * clp)
98	static int
99	get_poll_index(int *ind)
100	{
101	- int i;
102	+ unsigned int i;
103
104	*ind = -1;
105	- for (i=0; i<FD_ALLOC_BLOCK; i++) {
106	+ for (i=0; i<pollsize; i++) {
107	if (pollarray[i].events == 0) {
108	*ind = i;
109	break;
110	@@ -483,9 +473,13 @@ fail_keep_client:
111	void
112	init_client_list(void)
113	{
114	+ struct rlimit rlim;
115	TAILQ_INIT(&clnt_list);
116	/* Eventually plan to grow/shrink poll array: */
117	pollsize = FD_ALLOC_BLOCK;
118	+ if (getrlimit(RLIMIT_NOFILE, &rlim) < 0 &&
119	+ rlim.rlim_cur != RLIM_INFINITY)
120	+ pollsize = rlim.rlim_cur;
121	pollarray = calloc(pollsize, sizeof(struct pollfd));
122	}
123
124	@@ -567,9 +561,8 @@ process_pipedir(char *pipe_name)
125
126	update_old_clients(namelist, j, pipe_name);
127	for (i=0; i < j; i++) {
128	- if (i < FD_ALLOC_BLOCK
129	- && !strncmp(namelist[i]->d_name, "clnt", 4)
130	- && !find_client(namelist[i]->d_name, pipe_name))
131	+ if (!strncmp(namelist[i]->d_name, "clnt", 4)
132	+ && !find_client(namelist[i]->d_name, pipe_name))
133	process_clnt_dir(namelist[i]->d_name, pipe_name);
134	free(namelist[i]);
135	}
136	@@ -962,12 +955,6 @@ process_krb5_upcall(struct clnt_info clp, uid_t uid, int fd, char tgtname,
137
138	printerr(1, "handling krb5 upcall (%s)\n", clp->dirname);
139
140	- if (tgtname) {
141	- if (clp->servicename) {
142	- free(clp->servicename);
143	- clp->servicename = strdup(tgtname);
144	- }
145	- }
146	token.length = 0;
147	token.value = NULL;
148	memset(&pd, 0, sizeof(struct authgss_private_data));
149	@@ -1016,7 +1003,8 @@ process_krb5_upcall(struct clnt_info clp, uid_t uid, int fd, char tgtname,
150	int success = 0;
151	do {
152	gssd_refresh_krb5_machine_credential(clp->servername,
153	- NULL, service);
154	+ NULL, service,
155	+ tgtname);
156	/*
157	* Get a list of credential cache names and try each
158	* of them until one works or we've tried them all
159	diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
160	index 60ba594..aeb8f70 100644
161	--- a/utils/gssd/krb5_util.c
162	+++ b/utils/gssd/krb5_util.c
163	@@ -774,12 +774,16 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt,
164	}
165
166	/*
167	- * Find a keytab entry to use for a given target hostname.
168	+ * Find a keytab entry to use for a given target realm.
169	* Tries to find the most appropriate keytab to use given the
170	* name of the host we are trying to connect with.
171	+ *
172	+ * Note: the tgtname contains a hostname in the realm that we
173	+ * are authenticating to. It may, or may not be the same as
174	+ * the server hostname.
175	*/
176	static int
177	-find_keytab_entry(krb5_context context, krb5_keytab kt, const char *hostname,
178	+find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname,
179	krb5_keytab_entry kte, const char *svcnames)
180	{
181	krb5_error_code code;
182	@@ -795,7 +799,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *hostname,
183
184
185	/* Get full target hostname */
186	- retval = get_full_hostname(hostname, targethostname,
187	+ retval = get_full_hostname(tgtname, targethostname,
188	sizeof(targethostname));
189	if (retval)
190	goto out;
191	@@ -1128,7 +1132,7 @@ gssd_get_krb5_machine_cred_list(char ***list)
192	if (ple->ccname) {
193	/* Make sure cred is up-to-date before returning it */
194	retval = gssd_refresh_krb5_machine_credential(NULL, ple,
195	- NULL);
196	+ NULL, NULL);
197	if (retval)
198	continue;
199	if (i + 1 > listsize) {
200	@@ -1219,7 +1223,8 @@ gssd_destroy_krb5_machine_creds(void)
201	int
202	gssd_refresh_krb5_machine_credential(char *hostname,
203	struct gssd_k5_kt_princ *ple,
204	- char *service)
205	+ char *service,
206	+ char *tgtname)
207	{
208	krb5_error_code code = 0;
209	krb5_context context;
210	@@ -1258,7 +1263,10 @@ gssd_refresh_krb5_machine_credential(char *hostname,
211	if (ple == NULL) {
212	krb5_keytab_entry kte;
213
214	- code = find_keytab_entry(context, kt, hostname, &kte, svcnames);
215	+ if (tgtname == NULL)
216	+ tgtname = hostname;
217	+
218	+ code = find_keytab_entry(context, kt, tgtname, &kte, svcnames);
219	if (code) {
220	printerr(0, "ERROR: %s: no usable keytab entry found "
221	"in keytab %s for connection with host %s\n",
222	diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
223	index cd6e107..9f41625 100644
224	--- a/utils/gssd/krb5_util.h
225	+++ b/utils/gssd/krb5_util.h
226	@@ -31,7 +31,8 @@ void gssd_setup_krb5_machine_gss_ccache(char *servername);
227	void gssd_destroy_krb5_machine_creds(void);
228	int gssd_refresh_krb5_machine_credential(char *hostname,
229	struct gssd_k5_kt_princ *ple,
230	- char *service);
231	+ char *service,
232	+ char *tgtname);
233	char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
234	void gssd_k5_get_default_realm(char **def_realm);
235
236	diff --git a/utils/gssd/svcgssd_krb5.c b/utils/gssd/svcgssd_krb5.c
237	index 6c34faf..1d44d34 100644
238	--- a/utils/gssd/svcgssd_krb5.c
239	+++ b/utils/gssd/svcgssd_krb5.c
240	@@ -38,6 +38,7 @@
241
242	#include <stdio.h>
243	#include <errno.h>
244	+#include <ctype.h>
245	#include <gssapi/gssapi.h>
246	#include <krb5.h>
247
248	@@ -98,6 +99,12 @@ parse_enctypes(char *enctypes)
249	if (n == 0)
250	return ENOENT;
251
252	+ /* Skip pass any non digits */
253	+ while (enctypes && isdigit(enctypes) == 0)
254	+ enctypes++;
255	+ if (*enctypes == '\0')
256	+ return EINVAL;
257	+
258	/* Allocate space for enctypes array */
259	if ((parsed_enctypes = (int *) calloc(n, sizeof(int))) == NULL) {
260	return ENOMEM;
261	diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
262	index e80efb4..beba9c4 100644
263	--- a/utils/idmapd/idmapd.c
264	+++ b/utils/idmapd/idmapd.c
265	@@ -145,7 +145,6 @@ static void svrreopen(int, short, void *);
266	static int nfsopen(struct idmap_client *);
267	static void nfscb(int, short, void *);
268	static void nfsdcb(int, short, void *);
269	-static int validateascii(char *, u_int32_t);
270	static int addfield(char *, ssize_t , char *);
271	static int getfield(char *, char , size_t);
272
273	@@ -425,7 +424,8 @@ dirscancb(int UNUSED(fd), short UNUSED(which), void *data)
274	pipefsdir, ents[i]->d_name);
275
276	if ((ic->ic_dirfd = open(path, O_RDONLY, 0)) == -1) {
277	- xlog_warn("dirscancb: open(%s): %s", path, strerror(errno));
278	+ if (verbose > 0)
279	+ xlog_warn("dirscancb: open(%s): %s", path, strerror(errno));
280	free(ic);
281	goto out;
282	}
283	@@ -642,6 +642,8 @@ out:
284	static void
285	imconv(struct idmap_client ic, struct idmap_msg im)
286	{
287	+ u_int32_t len;
288	+
289	switch (im->im_conv) {
290	case IDMAP_CONV_IDTONAME:
291	idtonameres(im);
292	@@ -652,10 +654,10 @@ imconv(struct idmap_client ic, struct idmap_msg im)
293	im->im_id, im->im_name);
294	break;
295	case IDMAP_CONV_NAMETOID:
296	- if (validateascii(im->im_name, sizeof(im->im_name)) == -1) {
297	- im->im_status \|= IDMAP_STATUS_INVALIDMSG;
298	+ len = strnlen(im->im_name, IDMAP_NAMESZ - 1);
299	+ /* Check for NULL termination just to be careful */
300	+ if (im->im_name[len+1] != '\0')
301	return;
302	- }
303	nametoidres(im);
304	if (verbose > 1)
305	xlog_warn("%s %s: (%s) name \"%s\" -> id \"%d\"",
306	@@ -855,25 +857,6 @@ nametoidres(struct idmap_msg *im)
307	}
308
309	static int
310	-validateascii(char *string, u_int32_t len)
311	-{
312	- u_int32_t i;
313	-
314	- for (i = 0; i < len; i++) {
315	- if (string[i] == '\0')
316	- break;
317	-
318	- if (string[i] & 0x80)
319	- return (-1);
320	- }
321	-
322	- if ((i >= len) \|\| string[i] != '\0')
323	- return (-1);
324	-
325	- return (i + 1);
326	-}
327	-
328	-static int
329	addfield(char *bpp, ssize_t bsizp, char *fld)
330	{
331	char ch, bp = bpp;
332	diff --git a/utils/mount/error.c b/utils/mount/error.c
333	index 83ad1d2..f8fc13f 100644
334	--- a/utils/mount/error.c
335	+++ b/utils/mount/error.c
336	@@ -225,7 +225,7 @@ void mount_error(const char spec, const char mount_point, int error)
337	case ENOENT:
338	if (spec)
339	nfs_error(_("%s: mounting %s failed, "
340	- "reason given by server:\n %s"),
341	+ "reason given by server: %s"),
342	progname, spec, strerror(error));
343	else
344	nfs_error(_("%s: mount point %s does not exist"),
345	diff --git a/utils/mount/stropts.c b/utils/mount/stropts.c
346	index 9b4197b..8ee3024 100644
347	--- a/utils/mount/stropts.c
348	+++ b/utils/mount/stropts.c
349	@@ -666,6 +666,7 @@ static int nfs_try_mount_v3v2(struct nfsmount_info *mi)
350	case EOPNOTSUPP:
351	case EHOSTUNREACH:
352	case ETIMEDOUT:
353	+ case EACCES:
354	continue;
355	default:
356	goto out;
357	@@ -761,6 +762,7 @@ static int nfs_try_mount_v4(struct nfsmount_info *mi)
358	case ECONNREFUSED:
359	case EHOSTUNREACH:
360	case ETIMEDOUT:
361	+ case EACCES:
362	continue;
363	default:
364	goto out;
365	diff --git a/utils/mountd/auth.c b/utils/mountd/auth.c
366	index 508040a..330cab5 100644
367	--- a/utils/mountd/auth.c
368	+++ b/utils/mountd/auth.c
369	@@ -10,10 +10,12 @@
370	#include <config.h>
371	#endif
372
373	+#include <sys/types.h>
374	#include <sys/stat.h>
375	#include <netinet/in.h>
376	#include <arpa/inet.h>
377	#include <errno.h>
378	+#include <fcntl.h>
379	#include <unistd.h>
380
381	#include "sockaddr.h"
382	@@ -21,7 +23,6 @@
383	#include "nfslib.h"
384	#include "exportfs.h"
385	#include "mountd.h"
386	-#include "xmalloc.h"
387	#include "v4root.h"
388
389	enum auth_error
390	diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
391	index e950ec6..45012be 100644
392	--- a/utils/mountd/cache.c
393	+++ b/utils/mountd/cache.c
394	@@ -29,7 +29,6 @@
395	#include "nfslib.h"
396	#include "exportfs.h"
397	#include "mountd.h"
398	-#include "xmalloc.h"
399	#include "fsloc.h"
400	#include "pseudoflavors.h"
401
402	@@ -109,12 +108,10 @@ static void auth_unix_ip(FILE *f)
403	struct addrinfo *ai = NULL;
404
405	ai = client_resolve(tmp->ai_addr);
406	- if (ai == NULL)
407	- goto out;
408	- client = client_compose(ai);
409	- freeaddrinfo(ai);
410	- if (!client)
411	- goto out;
412	+ if (ai) {
413	+ client = client_compose(ai);
414	+ freeaddrinfo(ai);
415	+ }
416	}
417	qword_print(f, "nfsd");
418	qword_print(f, ipaddr);
419	@@ -127,7 +124,6 @@ static void auth_unix_ip(FILE *f)
420	xlog(D_CALL, "auth_unix_ip: client %p '%s'", client, client?client: "DEFAULT");
421
422	free(client);
423	-out:
424	freeaddrinfo(tmp);
425
426	}
427	@@ -347,6 +343,30 @@ static char next_mnt(void v, char p)
428	return me->mnt_dir;
429	}
430
431	+static int is_subdirectory(char child, char parent)
432	+{
433	+ size_t l = strlen(parent);
434	+
435	+ if (strcmp(parent, "/") == 0)
436	+ return 1;
437	+
438	+ return strcmp(child, parent) == 0
439	+ \|\| (strncmp(child, parent, l) == 0 && child[l] == '/');
440	+}
441	+
442	+static int path_matches(nfs_export exp, char path)
443	+{
444	+ if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
445	+ return is_subdirectory(path, exp->m_export.e_path);
446	+ return strcmp(path, exp->m_export.e_path) == 0;
447	+}
448	+
449	+static int
450	+export_matches(nfs_export exp, char dom, char path, struct addrinfo ai)
451	+{
452	+ return path_matches(exp, path) && client_matches(exp, dom, ai);
453	+}
454	+
455	/* True iff e1 is a child of e2 and e2 has crossmnt set: */
456	static bool subexport(struct exportent e1, struct exportent e2)
457	{
458	@@ -354,8 +374,7 @@ static bool subexport(struct exportent e1, struct exportent e2)
459	size_t l2 = strlen(p2);
460
461	return e2->e_flags & NFSEXP_CROSSMOUNT
462	- && strncmp(p1, p2, l2) == 0
463	- && p1[l2] == '/';
464	+ && is_subdirectory(p1, p2);
465	}
466
467	struct parsed_fsid {
468	@@ -756,27 +775,6 @@ static int dump_to_cache(FILE f, char domain, char path, struct exportent ex
469	return qword_eol(f);
470	}
471
472	-static int is_subdirectory(char child, char parent)
473	-{
474	- size_t l = strlen(parent);
475	-
476	- return strcmp(child, parent) == 0
477	- \|\| (strncmp(child, parent, l) == 0 && child[l] == '/');
478	-}
479	-
480	-static int path_matches(nfs_export exp, char path)
481	-{
482	- if (exp->m_export.e_flags & NFSEXP_CROSSMOUNT)
483	- return is_subdirectory(path, exp->m_export.e_path);
484	- return strcmp(path, exp->m_export.e_path) == 0;
485	-}
486	-
487	-static int
488	-export_matches(nfs_export exp, char dom, char path, struct addrinfo ai)
489	-{
490	- return path_matches(exp, path) && client_matches(exp, dom, ai);
491	-}
492	-
493	static nfs_export *
494	lookup_export(char dom, char path, struct addrinfo *ai)
495	{
496	@@ -830,6 +828,7 @@ lookup_export(char dom, char path, struct addrinfo *ai)
497
498	#ifdef HAVE_NFS_PLUGIN_H
499	#include <dlfcn.h>
500	+#include <link.h>
501	#include <nfs-plugin.h>
502
503	/*
504	@@ -1094,6 +1093,7 @@ static struct exportent lookup_junction(char dom, const char *pathname,
505	struct addrinfo *ai)
506	{
507	struct exportent *exp;
508	+ struct link_map *map;
509	void *handle;
510
511	handle = dlopen("libnfsjunct.so", RTLD_NOW);
512	@@ -1101,6 +1101,11 @@ static struct exportent lookup_junction(char dom, const char *pathname,
513	xlog(D_GENERAL, "%s: dlopen: %s", __func__, dlerror());
514	return NULL;
515	}
516	+
517	+ if (dlinfo(handle, RTLD_DI_LINKMAP, &map) == 0)
518	+ xlog(D_GENERAL, "%s: loaded plug-in %s",
519	+ __func__, map->l_name);
520	+
521	(void)dlerror(); /* Clear any error */
522
523	exp = invoke_junction_ops(handle, dom, pathname, ai);
524	diff --git a/utils/nfsdcltrack/nfsdcltrack.c b/utils/nfsdcltrack/nfsdcltrack.c
525	index 9801b9c..4334340 100644
526	--- a/utils/nfsdcltrack/nfsdcltrack.c
527	+++ b/utils/nfsdcltrack/nfsdcltrack.c
528	@@ -379,6 +379,17 @@ cltrack_legacy_gracedone(void)
529	while ((entry = readdir(v4recovery))) {
530	int len;
531
532	+ /* skip "." and ".." */
533	+ if (entry->d_name[0] == '.') {
534	+ switch (entry->d_name[1]) {
535	+ case '\0':
536	+ continue;
537	+ case '.':
538	+ if (entry->d_name[2] == '\0')
539	+ continue;
540	+ }
541	+ }
542	+
543	/* borrow the clientid blob for this */
544	len = snprintf((char *)blob, sizeof(blob), "%s/%s", dirname,
545	entry->d_name);
546	diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c
547	index 4ecb03c..fd576d9 100644
548	--- a/utils/statd/rmtcall.c
549	+++ b/utils/statd/rmtcall.c
550	@@ -68,21 +68,19 @@ statd_get_socket(void)
551	{
552	struct sockaddr_in sin;
553	struct servent *se;
554	- int loopcnt = 100;
555	+ const int loopcnt = 100;
556	+ int i, tmp_sockets[loopcnt];
557
558	if (sockfd >= 0)
559	return sockfd;
560
561	- while (loopcnt-- > 0) {
562	-
563	- if (sockfd >= 0) close(sockfd);
564	+ for (i = 0; i < loopcnt; ++i) {
565
566	if ((sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
567	xlog(L_ERROR, "%s: Can't create socket: %m", __func__);
568	- return -1;
569	+ break;
570	}
571
572	-
573	memset(&sin, 0, sizeof(sin));
574	sin.sin_family = AF_INET;
575	sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
576	@@ -96,7 +94,16 @@ statd_get_socket(void)
577	if (se == NULL)
578	break;
579	/* rather not use that port, try again */
580	+
581	+ tmp_sockets[i] = sockfd;
582	}
583	+
584	+ while (--i >= 0)
585	+ close(tmp_sockets[i]);
586	+
587	+ if (sockfd < 0)
588	+ return -1;
589	+
590	FD_SET(sockfd, &SVC_FDSET);
591	return sockfd;
592	}